The firewall blocks or allows traffic based on the rules it has been given. It does not have the ability to identify the detailed nature or activities of any particular traffic. An IDS can look at network traffic and understand that traffic based upon a database of known threats. Here is a simple analogy...

A firewall is like the iron gates on a building, and an IDS is like a perimeter alarm system as well as inside motion detectors.

A DDoS attack can happen to anyone, but mainly web servers are the target...

Oh yeah... There are some great products on the market; the question is whether or not this is for your home or if it's for an enterprise network. The cost of some of these high-end systems can be quite expensive, plus you need someone who can decipher the information...

For home use, you could use Norton Internet Security 2003. For any mid- to large-sized office I would look at the more sophisticated systems (e.g. Cisco, Symantec, BindView and NetIQ).
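The firewall/IDS distinction described in the post above, as an added example that is not part of the original post: a header-only rule filter next to a payload signature matcher, run over constructed traffic. The rule set, the signature names and patterns, the addresses, and the placement of the IDS behind the firewall are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    proto: str
    payload: bytes

# Hypothetical firewall rules: first match wins, default deny.
# Only header fields (protocol, destination port) are consulted.
FIREWALL_RULES = [
    ("tcp", 80, "allow"),  # public web server
    ("tcp", 23, "block"),  # telnet
]

# Hypothetical IDS "database of known threats": byte patterns looked up
# in the payload. Names and patterns are constructed for this example.
IDS_SIGNATURES = {
    "directory-traversal": b"../..",
    "cmd-exe-request": b"cmd.exe",
}

def firewall_verdict(pkt):
    """Return 'allow' or 'block' from header fields alone."""
    for proto, port, action in FIREWALL_RULES:
        if pkt.proto == proto and pkt.dst_port == port:
            return action
    return "block"

def ids_alerts(pkt):
    """Return the sorted names of signatures found in the payload."""
    data = pkt.payload.lower()
    return sorted(n for n, pat in IDS_SIGNATURES.items() if pat in data)

def inspect(pkt):
    """Assumes the IDS sensor sits behind the firewall and sees only allowed traffic."""
    verdict = firewall_verdict(pkt)
    return verdict, (ids_alerts(pkt) if verdict == "allow" else [])

# Constructed sample traffic (documentation address range).
SAMPLE_TRAFFIC = [
    Packet("198.51.100.7", 80, "tcp", b"GET /index.html HTTP/1.0\r\n\r\n"),
    Packet("198.51.100.9", 80, "tcp", b"GET /scripts/../../cmd.exe HTTP/1.0\r\n\r\n"),
    Packet("198.51.100.9", 23, "tcp", b"login: "),
]

if __name__ == "__main__":
    for p in SAMPLE_TRAFFIC:
        print(p.src, p.dst_port, inspect(p))
```

Both port-80 requests get the same firewall verdict because their headers match the same rule; only the payload inspection tells them apart.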